Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Android 13 Tries to Make Privacy and Security a No-Brainer

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

Wired
Open in Source
#vulnerability#ios#android#apple#google#git#wifi
Update now! Microsoft releases patches, including one for actively exploited zero-day

May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones. The post Update now! Microsoft releases patches, including one for actively exploited zero-day appeared first on Malwarebytes Labs.

Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

By Deeba Ahmed The novel Nerbian RAT (remote access trojan) is currently targeting’ entities in Spain, Italy, and the United Kingdom.… This is a post from HackRead.com Read the original post: Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

Google Will Use Mobile Devices to Thwart Phishing Attacks

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

CVE-2021-39738: Android Automotive OS Update Bulletin—May 2022  |  Android Open Source Project

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509

CVE-2022-20121: Pixel Update Bulletin—May 2022  |  Android Open Source Project

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A

CVE-2022-20112: Android Security Bulletin—May 2022  |  Android Open Source Project

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762

CVE-2022-20116: Android Security Bulletin—May 2022  |  Android Open Source Project

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440

Jocker, Other Fleeceware Surges Back Into Google Play

Some mobile apps are being weaponized with Trojans that secretly sign Android users up for paid subscription services.